def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml"
config = (
yaml.load(open(config_file_path), Loader=yaml.SafeLoader)
if os.path.isfile(config_file_path)
else {}
)
self.helper = OpenCTIConnectorHelper(config)
self.confidence_level = get_config_variable(
"CONNECTOR_CONFIDENCE_LEVEL", ["connector", "confidence_level"], config
)
self.api_key = get_config_variable(
"MALBEACON_API_KEY", ["malbeacon", "api_key"], config
)
self.author = self.helper.api.identity.create(
name="Malbeacon",
type="Organization",
description="""The first system of its kind, MalBeacon implants \
beacons via malware bot check-in traffic. Adversaries conducting \
campaigns in the wild who are logging in to these malware C2 \
panels can now be tracked. MalBeacon is a tool for the good guys \
that provides additional intelligence on attack attribution.""",
update=True,
)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = "{}/config.yml".format(
os.path.dirname(os.path.abspath(__file__)))
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
# Connector Config
self.confidence_level = get_config_variable(
"CONNECTOR_CONFIDENCE_LEVEL",
["connector", "confidence_level"],
config,
isNumber=True,
)
self.update_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
# CYBERCRIME-TRACKER.NET Config
self.feed_url = get_config_variable("CYBERCRIMET_RACKER_FEED_URL",
["cybercrime-tracker", "feed_url"],
config)
self.connector_tlp = get_config_variable("CYBERCRIME_TRACKER_TLP",
["cybercrime-tracker", "tlp"],
config)
self.interval = get_config_variable(
"CYBERCRIMETRACKER_INTERVAL",
["cybercrime-tracker", "interval"],
config,
isNumber=True,
)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.mitre_enterprise_file_url = get_config_variable(
"MITRE_ENTERPRISE_FILE_URL", ["mitre", "enterprise_file_url"],
config)
self.mitre_pre_attack_file_url = get_config_variable(
"MITRE_PRE_ATTACK_FILE_URL", ["mitre", "pre_attack_file_url"],
config)
self.mitre_mobile_attack_file_url = get_config_variable(
"MITRE_MOBILE_ATTACK_FILE_URL",
["mitre", "mobile_attack_file_url"], config)
self.mitre_interval = get_config_variable("MITRE_INTERVAL",
["mitre", "interval"],
config, True)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml"
config = (
yaml.load(open(config_file_path))
if os.path.isfile(config_file_path)
else {}
)
self.interval = 1 # 1 Day interval between each scraping
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.confidence_level = get_config_variable(
"CONNECTOR_CONFIDENCE_LEVEL", ["connector", "confidence_level"], config,
)
self.MALPEDIA_API = get_config_variable(
"MALPEDIA_API", ["malpedia", "MALPEDIA_API"], config
)
self.AUTH_KEY = get_config_variable(
"AUTH_KEY", ["malpedia", "AUTH_KEY"], config
)
self.need_update = True
self.last_update = 0
self.api_call = {
"API_CHECK_APIKEY": "check/apikey",
"API_GET_VERSION": "get/version",
"API_GET_FAMILIES": "get/families",
"API_LIST_ACTORS": "list/actors",
"API_GET_FAMILY": "get/family/",
"API_LIST_FAMILIES": "list/families",
"API_GET_YARA": "get/yara/",
'API_LIST_SAMPLES': 'list/samples/',
}
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml"
config = (
yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path)
else {}
)
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.cve_import_history = get_config_variable(
"CVE_IMPORT_HISTORY", ["cve", "import_history"], config, False
)
self.cve_nvd_data_feed = get_config_variable(
"CVE_NVD_DATA_FEED", ["cve", "nvd_data_feed"], config
)
self.cve_history_data_feed = get_config_variable(
"CVE_HISTORY_DATA_FEED", ["cve", "history_data_feed"], config
)
self.cve_interval = get_config_variable(
"CVE_INTERVAL", ["cve", "interval"], config, True
)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.urlhaus_csv_url = get_config_variable("URLHAUS_CSV_URL",
["urlhaus", "csv_url"],
config)
self.urlhaus_import_offline = get_config_variable(
"URLHAUS_IMPORT_OFFLINE", ["urlhaus", "import_offline"], config,
False, True)
self.urlhaus_interval = get_config_variable("URLHAUS_INTERVAL",
["urlhaus", "interval"],
config, True)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
self.identity = self.helper.api.identity.create(
type="Organization",
name="Abuse.ch",
description=
"abuse.ch is operated by a random swiss guy fighting malware for non-profit, running a couple of projects helping internet service providers and network operators protecting their infrastructure from malware.",
)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = Path(
__file__).parent.parent.resolve() / "config.yml"
config = (yaml.load(open(config_file_path, encoding="utf8"),
Loader=yaml.FullLoader)
if config_file_path.is_file() else {})
self.helper = OpenCTIConnectorHelper(config)
self.base_url = get_config_variable("RISKIQ_BASE_URL",
["riskiq", "base_url"], config)
self.interval_sec = get_config_variable("RISKIQ_INTERVAL_SEC",
["riskiq", "interval_sec"],
config)
user = get_config_variable("RISKIQ_USER", ["riskiq", "user"], config)
password = get_config_variable("RISKIQ_PASSWORD",
["riskiq", "password"], config)
# Create the author for all reports.
self.author = Identity(
name=self._DEFAULT_AUTHOR,
identity_class="organization",
description=
" RiskIQ is a cyber security company based in San Francisco, California."
" It provides cloud - based software as a service(SaaS) for organizations"
" to detect phishing, fraud, malware, and other online security threats.",
confidence=self.helper.connect_confidence_level,
)
# Initialization of the client
self.client = RiskIQClient(self.base_url, user, password)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
self.import_as_pdf = get_config_variable(
"IMPORT_EXTERNAL_REFERENCE_IMPORT_AS_PDF",
["import_external_reference", "import_as_pdf"],
config,
False,
True,
)
self.import_as_md = get_config_variable(
"IMPORT_EXTERNAL_REFERENCE_IMPORT_AS_MD",
["import_external_reference", "import_as_md"],
config,
False,
True,
)
self.import_pdf_as_md = get_config_variable(
"IMPORT_EXTERNAL_REFERENCE_IMPORT_PDF_AS_MD",
["import_external_reference", "import_pdf_as_md"],
config,
False,
True,
)
self.headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64)"
}
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.cyber_threat_coalition_interval = get_config_variable(
"CYBER_THREAT_COALITION_INTERVAL",
["cyber-threat-coalition", "interval_sec"],
config,
True,
)
self.cyber_threat_coalition_base_url = get_config_variable(
"CYBER_THREAT_COALITION_BASE_URL",
["cyber-threat-coalition", "base_url"],
config,
False,
)
self.cyber_threat_coalition_create_indicators = get_config_variable(
"CYBER_THREAT_COALITION_CREATE_INDICATORS",
["cyber-threat-coalition", "create_indicators"],
config,
)
self.cyber_threat_coalition_create_observables = get_config_variable(
"CYBER_THREAT_COALITION_CREATE_OBSERVABLES",
["cyber-threat-coalition", "create_observables"],
config,
)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.vxvault_url = get_config_variable("VXVAULT_URL",
["vxvault", "url"], config)
self.vxvault_interval = get_config_variable("VXVAULT_INTERVAL",
["vxvault", "interval"],
config, True)
self.create_indicators = get_config_variable(
"VXVAULT_CREATE_INDICATORS",
["vxvault", "create_indicators"],
config,
False,
True,
)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
self.identity = self.helper.api.identity.create(
type="Organization",
name="VX Vault",
description=
"VX Vault is providing URLs of potential malicious payload.",
)
def __init__(self):
# get config variable
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path, Loader=yaml.FullLoader))
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
self.update_existing_data = get_config_variable(
"UPDATE_EXISTING_DATA", ["connector", "update_existing_data"],
config)
self.interval_scan = get_config_variable(
"INTERVAL_SCAN", ["internal_import", "interval_scan"], config)
self._data_path = os.path.dirname(os.path.abspath(__file__)) + "/data"
self.identity = self.helper.api.identity.create(
name="Internal Collector",
type="Organization",
description="Importing internal data from CSV file",
)
self.markingDefinitions = self.helper.api.marking_definition.create(
definition_type="tlp", definition="TLP:WHITE")
self.tag = self.helper.api.tag.create(tag_type="Internal-Import",
value="internal-importer",
color="#2e99db")
self.tagFE = self.helper.api.tag.create(tag_type="Internal-Import",
value="FireEye",
color="#fb4d28")
self.filename = ""
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.amitt_file_url = get_config_variable("AMITT_FILE_URL",
["amitt", "amitt_file_url"],
config)
self.pre_amitt_file_url = get_config_variable(
"PRE_AMITT_FILE_URL", ["amitt", "pre_amitt_file_url"], config)
self.amitt_interval = get_config_variable("AMITT_INTERVAL",
["amitt", "interval"],
config, True)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
# Create the corresponding identity
self.helper.api.identity.create(
stix_id="identity--c9c1a598-7d0e-42fa-b8ec-e42c3de95ae4",
type="Organization",
name="CogSec",
description=
"A nonprofit that helps specialists form teams to combat disinformation.",
)
self.helper.api.marking_definition.create(
stix_id="marking-definition--8c9e2257-1c62-4ff0-9de0-1deed93cf282",
definition_type="statement",
definition="Copyright 2021, CogSec.",
)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
# ExportReportPdf specific config settings
self.primary_color = get_config_variable(
"EXPORT_REPORT_PDF_PRIMARY_COLOR",
["export_report_pdf", "primary_color"],
config,
)
self.secondary_color = get_config_variable(
"EXPORT_REPORT_PDF_SECONDARY_COLOR",
["export_report_pdf", "secondary_color"],
config,
)
self.set_colors()
self.company_address_line_1 = get_config_variable(
"EXPORT_REPORT_PDF_COMPANY_ADDRESS_LINE_1",
["export_report_pdf", "company_address_line_1"],
config,
)
self.company_address_line_2 = get_config_variable(
"EXPORT_REPORT_PDF_COMPANY_ADDRESS_LINE_2",
["export_report_pdf", "company_address_line_2"],
config,
)
self.company_address_line_3 = get_config_variable(
"EXPORT_REPORT_PDF_COMPANY_ADDRESS_LINE_3",
["export_report_pdf", "company_address_line_3"],
config,
)
self.company_phone_number = get_config_variable(
"EXPORT_REPORT_PDF_COMPANY_PHONE_NUMBER",
["export_report_pdf", "company_phone_number"],
config,
)
self.company_email = get_config_variable(
"EXPORT_REPORT_PDF_COMPANY_EMAIL",
["export_report_pdf", "company_email"],
config,
)
self.company_website = get_config_variable(
"EXPORT_REPORT_PDF_COMPANY_WEBSITE",
["export_report_pdf", "company_website"],
config,
)
self.indicators_only = get_config_variable(
"EXPORT_REPORT_PDF_INDICATORS_ONLY",
["export_report_pdf", "indicators_only"],
config,
)
self.defang_urls = get_config_variable(
"EXPORT_REPORT_PDF_DEFANG_URLS",
["export_report_pdf", "defang_urls"],
config,
)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
self.api_key = get_config_variable("HYBRID_ANALYSIS_TOKEN",
["hybrid_analysis", "api_key"],
config)
self.environment_id = get_config_variable(
"HYBRID_ANALYSIS_ENVIRONMENT_ID",
["hybrid_analysis", "environment_id"],
config,
True,
110,
)
self.max_tlp = get_config_variable("HYBRID_ANALYSIS_MAX_TLP",
["hybrid_analysis", "max_tlp"],
config)
self.api_url = "https://www.hybrid-analysis.com/api/v2"
self.headers = {
"api-key": self.api_key,
"user-agent": "OpenCTI Hybrid Analysis Connector - Version 4.5.5",
"accept": "application/json",
}
self.identity = self.helper.api.identity.create(
type="Organization",
name="Hybrid Analysis",
description="Hybrid Analysis Sandbox.",
)["standard_id"]
self._CONNECTOR_RUN_INTERVAL_SEC = 60 * 60
def __init__(self):
"""Read in config variables"""
config_file_path = os.path.dirname(os.path.abspath(__file__))
config_file_path += "/config.yml"
config = (
yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path)
else {}
)
self.helper = OpenCTIConnectorHelper(config)
username = get_config_variable(
"TAXII2_USERNAME", ["taxii2", "username"], config
)
password = get_config_variable(
"TAXII2_PASSWORD", ["taxii2", "password"], config
)
server_url = get_config_variable(
"TAXII2_DISCOVERY_URL", ["taxii2", "discovery_url"], config
)
self.verify_ssl = get_config_variable(
"VERIFY_SSL", ["taxii2", "verify_ssl"], config, default=True
)
# if V21 flag set to true
if get_config_variable("TAXII2_V21", ["taxii2", "v2.1"], config, default=True):
self.server = tx21.Server(
server_url, user=username, password=password, verify=self.verify_ssl
)
else:
self.server = tx20.Server(
server_url, user=username, password=password, verify=self.verify_ssl
)
self.collections = get_config_variable(
"TAXII2_COLLECTIONS", ["taxii2", "collections"], config
).split(",")
self.initial_history = get_config_variable(
"TAXII2_INITIAL_HISTORY", ["taxii2", "initial_history"], config, True
)
self.per_request = get_config_variable(
"TAXII2_PER_REQUEST", ["taxii2", "per_request"], config, True
)
self.interval = get_config_variable(
"TAXII2_INTERVAL", ["taxii2", "interval"], config, True, 1
)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
def __init__(self):
"""Read in config variables"""
config_file_path = os.path.dirname(os.path.abspath(__file__))
config_file_path += "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
self.cape_api_url = get_config_variable("CAPE_API_URL",
["cape", "api_url"], config)
self.cape_url = get_config_variable("CAPE_BASE_URL",
["cape", "base_url"], config)
self.EnableNetTraffic = get_config_variable(
"CAPE_ENABLE_NETWORK_TRAFFIC",
["cape", "enable_network_traffic"],
config,
default=False,
)
self.EnableRegKeys = get_config_variable(
"CAPE_ENABLE_REGISTRY_KEYS",
["cape", "enable_registry_keys"],
config,
default=False,
)
self.verify_ssl = get_config_variable("VERIFY_SSL",
["cape", "verify_ssl"],
config,
default=True)
self.interval = get_config_variable("CAPE_INTERVAL",
["cape", "interval"], config, True,
30)
self.start_id = get_config_variable("CAPE_START_TASK_ID",
["cape", "start_task_id"], config,
True, 0)
self.report_score = get_config_variable("CAPE_REPORT_SCORE",
["cape", "report_score"],
config, True, 0)
self.create_indicators = get_config_variable(
"CAPE_CREATE_INDICATORS", ["cape", "create_indicators"], config)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
self.cape_api: cuckoo = cuckoo(self.helper, self.cape_api_url,
self.verify_ssl)
def __init__(self):
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
self.lastinfosec_cti_url = "https://api.client.lastinfosec.com/v2/stix21/getbyminutes/{}?api_key={}&headers=false&platform=opencti"
self.lastinfosec_cve_url = "https://api.client.lastinfosec.com/v2/stix21/vulnerabilities/getlasthour?api_key={}&headers=false&platform=opencti"
self.lastinfosec_tactic_url = "https://api.client.lastinfosec.com/v2/stix21/tactic/getlast24hour?api_key={}&headers=false&platform=opencti"
self.lastinfosec_apikey = get_config_variable(
"CONFIG_LIS_APIKEY", ["lastinfosec", "api_key"], config)
self.lastinfosec_cti_enabled = get_config_variable(
"CONFIG_LIS_CTI_ENABLED", ["lastinfosec", "cti", "is_enabled"],
config)
self.lastinfosec_cti_interval = get_config_variable(
"CONFIG_LIS_CTI_INTERVAL", ["lastinfosec", "cti", "interval"],
config)
self.lastinfosec_cve_enabled = get_config_variable(
"CONFIG_LIS_CVE_ENABLED", ["lastinfosec", "cve", "is_enabled"],
config)
self.lastinfosec_tactic_enabled = get_config_variable(
"CONFIG_LIS_TACTIC_ENABLED",
["lastinfosec", "tactic", "is_enabled"], config)
self.opencti_url = get_config_variable("OPENCTI_URL",
["opencti", "url"], config)
self.opencti_id = get_config_variable("OPENCTI_TOKEN",
["opencti", "token"], config)
self.update_existing_data = get_config_variable(
"OPENCTI_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"], config)
self.proxy_http = get_config_variable("PROXY_HTTP",
["opencti", "proxy_http"],
config)
self.proxy_https = get_config_variable("PROXY_HTTPS",
["opencti", "proxy_https"],
config)
total_enabled = 0
if self.lastinfosec_cti_enabled:
total_enabled += 1
if self.lastinfosec_cve_enabled:
total_enabled += 1
if self.lastinfosec_tactic_enabled:
total_enabled += 1
if total_enabled == 0:
raise Exception("You must enable one feed")
elif total_enabled > 1:
raise Exception("You can enable only one feed per connector")
self.api = OpenCTIApiClient(self.opencti_url, self.opencti_id)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(os.path.abspath(__file__)) + '/config.yml'
config = yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.misp_url = get_config_variable('MISP_URL', ['misp', 'url'], config)
self.misp_key = get_config_variable('MISP_KEY', ['misp', 'key'], config)
self.misp_ssl_verify = get_config_variable('MISP_SSL_VERIFY', ['misp', 'ssl_verify'], config)
self.misp_create_report = get_config_variable('MISP_CREATE_REPORTS', ['misp', 'create_reports'], config)
self.misp_report_class = get_config_variable(
'MISP_REPORT_CLASS',
['misp', 'report_class'],
config
) or 'MISP Event'
self.misp_import_from_date = get_config_variable('MISP_IMPORT_FROM_DATE', ['misp', 'import_from_date'], config)
self.misp_import_tags = get_config_variable('MISP_IMPORT_TAGS', ['misp', 'import_tags'], config)
self.misp_interval = get_config_variable('MISP_INTERVAL', ['misp', 'interval'], config, True)
self.update_existing_data = get_config_variable(
'CONNECTOR_UPDATE_EXISTING_DATA',
['connector', 'update_existing_data'],
config
)
# Initialize MISP
self.misp = ExpandedPyMISP(url=self.misp_url, key=self.misp_key, ssl=self.misp_ssl_verify, debug=False)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + '/config.yml'
config = yaml.load(open(config_file_path), Loader=yaml.FullLoader
) if os.path.isfile(config_file_path) else {}
self.helper = OpenCTIConnectorHelper(config)
self.token = get_config_variable('IPINFO_TOKEN', ['ipinfo', 'token'],
config)
self.max_tlp = get_config_variable('IPINFO_MAX_TLP',
['ipinfo', 'max_tlp'], config)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
self.token = get_config_variable("IPINFO_TOKEN", ["ipinfo", "token"],
config)
self.max_tlp = get_config_variable("IPINFO_MAX_TLP",
["ipinfo", "max_tlp"], config)
def __init__(self, conf_data):
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else conf_data)
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.backup_protocol = get_config_variable("BACKUP_PROTOCOL",
["backup", "protocol"],
config)
self.backup_path = get_config_variable("BACKUP_PATH",
["backup", "path"], config)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.SafeLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
self.api_key = get_config_variable("ABUSEIPDB_API_KEY",
["abuseipdb", "api_key"], config)
self.max_tlp = get_config_variable("ABUSEIPDB_MAX_TLP",
["abuseipdb", "max_tlp"], config)
self.whitelist_label = self.helper.api.label.create(value="whitelist",
color="#4caf50")
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(os.path.abspath(__file__)) + '/config.yml'
config = yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.cve_nvd_data_feed = get_config_variable('CVE_NVD_DATA_FEED', ['cve', 'nvd_data_feed'], config)
self.cve_interval = get_config_variable('CVE_INTERVAL', ['cve', 'interval'], config, True)
self.update_existing_data = get_config_variable(
'CONNECTOR_UPDATE_EXISTING_DATA',
['connector', 'update_existing_data'],
config
)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml"
config = (
yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path)
else {}
)
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.threatmatch_url = get_config_variable(
"THREATMATCH_URL", ["threatmatch", "url"], config
)
self.threatmatch_client_id = get_config_variable(
"THREATMATCH_CLIENT_ID", ["threatmatch", "client_id"], config
)
self.threatmatch_client_secret = get_config_variable(
"THREATMATCH_CLIENT_SECRET", ["threatmatch", "client_secret"], config
)
self.threatmatch_interval = get_config_variable(
"THREATMATCH_INTERVAL", ["threatmatch", "interval"], config, True, 5
)
self.threatmatch_import_from_date = get_config_variable(
"THREATMATCH_IMPORT_FROM_DATE", ["threatmatch", "import_from_date"], config
)
self.threatmatch_import_profiles = get_config_variable(
"THREATMATCH_IMPORT_PROFILES",
["threatmatch", "import_profiles"],
config,
False,
True,
)
self.threatmatch_import_alerts = get_config_variable(
"THREATMATCH_IMPORT_ALERTS",
["threatmatch", "import_alerts"],
config,
False,
True,
)
self.threatmatch_import_reports = get_config_variable(
"THREATMATCH_IMPORT_REPORTS",
["threatmatch", "import_reports"],
config,
False,
True,
)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
self.identity = self.helper.api.identity.create(
type="Organization",
name="Security Alliance",
description="Security Alliance is a cyber threat intelligence product and services company, formed in 2007.",
)
def __init__(self):
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.SafeLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.remote_opencti_url = get_config_variable(
"REMOTE_OPENCTI_URL", ["remote_opencti", "url"], config)
self.remote_opencti_token = get_config_variable(
"REMOTE_OPENCTI_TOKEN", ["remote_opencti", "token"], config)
self.remote_opencti_events = get_config_variable(
"REMOTE_OPENCTI_EVENTS", ["remote_opencti", "events"],
config).split(",")
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/../config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
# Extra config
self.confidence_level = get_config_variable(
"CONNECTOR_CONFIDENCE_LEVEL",
["connector", "confidence_level"],
config,
isNumber=True,
)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
self.API_KEY = get_config_variable("VALHALLA_API_KEY",
["valhalla", "api_key"], config)
self.INTERVAL_SEC = get_config_variable(
"VALHALLA_INTERVAL_SEC",
["valhalla", "interval_sec"],
config,
isNumber=True,
)
self.helper = OpenCTIConnectorHelper(config)
self.helper.log_info(f"loaded valhalla config: {config}")
# If we run without API key we can assume all data is TLP:WHITE else we
# default to TLP:AMBER to be safe.
if self.API_KEY == "" or self.API_KEY is None:
self.default_marking = self.helper.api.marking_definition.read(
id=TLP_WHITE["id"])
self.valhalla_client = ValhallaAPI()
else:
self.default_marking = self.helper.api.marking_definition.read(
id=TLP_AMBER["id"])
self.valhalla_client = ValhallaAPI(api_key=self.API_KEY)
self.knowledge_importer = KnowledgeImporter(
self.helper,
self.confidence_level,
self.update_existing_data,
self.default_marking,
self.valhalla_client,
)
def __init__(self) -> None:
# Instantiate the connector helper from config
base_path = os.path.dirname(os.path.abspath(__file__))
config_file_path = base_path + "/../config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
self.create_indicator = get_config_variable(
"IMPORT_DOCUMENT_CREATE_INDICATOR",
["import_document", "create_indicator"],
config,
)
# Load Entity and Observable configs
observable_config_file = base_path + "/config/observable_config.ini"
entity_config_file = base_path + "/config/entity_config.ini"
if os.path.isfile(observable_config_file) and os.path.isfile(
entity_config_file):
self.observable_config = self._parse_config(
observable_config_file, Observable)
else:
raise FileNotFoundError(f"{observable_config_file} was not found")
if os.path.isfile(entity_config_file):
self.entity_config = self._parse_config(entity_config_file,
EntityConfig)
else:
raise FileNotFoundError(f"{entity_config_file} was not found")
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml"
config = (
yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path)
else {}
)
self.helper = OpenCTIConnectorHelper(config)
self.create_indicator = get_config_variable(
"PDF_OBSERVABLES_CREATE_INDICATOR",
["pdf_observables", "create_indicator"],
config,
)
self.types = {
"MD5": "File.hashes.MD5",
"SHA1": "File.hashes.SHA-1",
"SHA256": "File.hashes.SHA-256",
"Filename": "File.name",
"IP": "IPv4-Addr.value",
"DomainName": "Domain-Name.value",
# Directory is not yet fully functional
# "Directory": "Directory.path",
"URL": "Url.value",
"Email": "Email-Addr.value",
"CVE": "Vulnerability.name",
"Registry": "Windows-Registry-Key.key",
}
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
self.api_url = "https://api.client.lastinfosec.com/v2"
self.lastinfosec_apikey = get_config_variable(
"CONFIG_LIS_APIKEY_CTI", ["lastinfosec", "api_key_cti"], config)
self.proxy_http = get_config_variable("PROXY_HTTP",
["opencti", "proxy_http"],
config)
self.proxy_https = get_config_variable("PROXY_HTTPS",
["opencti", "proxy_https"],
config)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
self.identity = self.helper.api.identity.create(
type="Organization",
name="UnpacMe",
description="UnpacMe",
)["standard_id"]
self.octi_api_url = get_config_variable("OPENCTI_URL",
["opencti", "url"], config)
# Get URL and private from config, use to instantiate the client
user_agent = get_config_variable(
"UNPAC_ME_USER_AGENT",
["unpac_me", "user_agent"],
config,
)
api_key = get_config_variable(
"UNPAC_ME_API_KEY",
["unpac_me", "api_key"],
config,
)
self.private = get_config_variable(
"UNPAC_ME_PRIVATE",
["unpac_me", "private"],
config,
)
self.unpacme_client = UnpacMeApi(api_key=api_key,
user_agent=user_agent)
# Other config settings
self.family_color = get_config_variable(
"UNPAC_ME_FAMILY_COLOR",
["unpac_me", "family_color"],
config,
)
self.default_tag_color = get_config_variable(
"UNPAC_ME_FAMILY_COLOR",
["unpac_me", "tag_color"],
config,
)
self.less_noise = get_config_variable(
"UNPAC_ME_LESS_NOISE",
["unpac_me", "less_noise"],
config,
)
self.max_tlp = get_config_variable(
"UNPAC_ME_MAX_TLP",
["unpac_me", "max_tlp"],
config,
)
